[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Protection from ROOT

From: John Locke <mail_at_freelock.com>
Date: 2003-08-12 01:25:57 CEST

Richard in Public wrote:

> I've just set up a Virtual Private Server to centralize personal and
> business info. I plan to use Subversion as my repository. My one
> concern is that, being a VPS, it is possible for my service provider
> to access my files. I don't expect this of course, but I'd be much
> more comfortable if I could encrypt sensitive information. Is it
> possible to have Subversion (or the BerkleyDB configured to) encrypt
> the data that it stores? I'm assuming that the SSL stuff is only
> useful for protecting against data in transfer.

I've thought about these types of issues for a while, because I'm
starting to offer various types of services, including online
repositories, to small business clients. Obviously, confidentiality is a
concern, but due to the factors others have brought up in this thread, I
don't think it's possible to do any sort of encryption/decryption on the
server and not allow a malicious administrator to be able to see it at
some point of the process.

You could encrypt your data before storing it, and decrypt it after
retrieving it--but then only the key(s) you encrypted to could decrypt
it. Also, you would likely lose all the benefits of transmitting and
storing small deltas (because the encrypted secret key would change
every time you encrypted it, making the whole file different every time).

I think the only answer is using a provider you trust. If you don't
trust anyone, host it yourself. It all makes me wonder about some sort
of bonding for service providers, to guarantee the privacy of data. But
this is getting off-topic...

John Locke
Owner, Freelock, LLC
Small Business Computing with Open Source

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 12 01:26:36 2003

This is an archived mail posted to the Subversion Users mailing list.